tl;dr Just try to ignore them
Ive subscribed to PyPIs new packages feed for some time. In recent days, its like Déjà vu. I kept seeing same sentence over and over again:
A simple printer of nested lists
But the packages all are different. At first, I thought, this nested list printing thing must be a big deal, even I really dont have any idea how so.
I started to feel really weird for seeing so many packages for exactly same task, deep inside, its telling me something is wrong, so I downloaded one and began to understand what that was all about and as I searched simple printer of nested lists, I knew exactly what they are:
They are spams.
The content of the package (zip or tarball) always is:
PKG-INFO nester.py setup.py
The module filename may differin this case, its nester.pybut the code in the file is always with the same strange function name:
def print_lol(...):
It sometimes has different arguments andd some additional comments, I believe all are to make confusion. But the goal and purpose are clear, using url in setup.py for luring people to the websites, which is linked on PyPI. Some of those packages dont even have files uploaded, just a website link.
It seems to start around 2014-02-12, according to the first package. I have filed a report and got a quick response:
Richard Jones: I regularly clean out these modules. Just try to ignore them.
Apparently, it must be more common than I thought.
I have seen spams on GitHub, now PyPI, wondering whos next. Whoever next, if you see any on PyPI like I do, well, all you can do is: ignore them.
0 comments:
Post a Comment